Browse all 3 CVE security advisories affecting grandplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GrandPlugins develops WordPress plugins primarily for enhancing website functionality and user engagement. Historically, their plugins have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been documented, the three CVEs on record highlight recurring issues in sanitization and authentication mechanisms. Their plugins' broad installation base increases potential impact, as vulnerabilities could allow attackers to compromise websites, steal data, or distribute malicious content. Security researchers have noted inconsistent patching timelines, leaving some sites exposed between vulnerability discovery and resolution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9060 | AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — AVIF UploaderCWE-79 | 6.4 | Medium | 2024-10-01 |
This page lists every published CVE security advisory associated with grandplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.